Fei Han,Jing Qin,Jiankun Hu

DOI: https://doi.org/10.1016/j.future.2016.01.007

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Cloud security is a huge concern when users and enterprises consider to deploy cloud computing services. This article mainly presented an important aspect of cloud security which is called searchable encryption. Searchable encryption is a scheme that enable users to secure search on encrypted data stored in cloud. To guarantee privacy of users' data, users encrypt their data files before uploading, then when they need to fetch some files, they can use searchable encryption to execute keyword search on encrypted data. Searchable encryption can be classified by three models, each is corresponding with different application scenario. Two of them are suitable with cloud architecture. They are called searchable public key encryption and searchable symmetric encryption respectively. Searchable public key encryption is mainly for data sharing scenario. A user wants to share some data files with other users privately. He can encrypt these files with receivers' public key. And receivers can securely search on it with their private keys. Searchable symmetric encryption can enable users securely using their online storage. They can upload data files which are encrypted with their secret keys. And then they can securely search on these encrypted data with the secret key no matter when and where they are. (C) 2016 Elsevier B.V. All rights reserved.

Feng Li,Jianfeng Ma,Yinbin Miao,Ximeng Liu,Jianting Ning,Robert H. Deng

DOI: https://doi.org/10.1145/3617991

IF: 16.6

2024-01-01

ACM Computing Surveys

Abstract:Outsourcing data to the cloud has become prevalent, so Searchable Symmetric Encryption (SSE), one of the methods for protecting outsourced data, has arisen widespread interest. Moreover, many novel technologies and theories have emerged, especially for the attacks on SSE and privacy-preserving. But most surveys related to SSE concentrate on one aspect (e.g., single keyword search, fuzzy keyword search) or lack in-depth analysis. Therefore, we revisit the existing work and conduct a comprehensive analysis and summary. We provide an overview of state-of-the-art in SSE and focus on the privacy it can protect. Generally, (1) we study the work of the past few decades and classify SSE based on query expressiveness. Meanwhile, we summarize the existing schemes and analyze their performance on efficiency, storage space, index structures, and so on.; (2) we complement the gap in the privacy of SSE and introduce in detail the attacks and the related defenses; (3) we discuss the open issues and challenges in existing schemes and future research directions. We desire that our work will help novices to grasp and understand SSE comprehensively. We expect it can inspire the SSE community to discover more crucial leakages and design more efficient and secure constructions.

Hoang Pham,Jason Woodworth,Mohsen Amini Salehi

DOI: https://doi.org/10.1002/cpe.5284

2019-04-07

Concurrency and Computation: Practice and Experience

Abstract:Cloud computing has become a potential resource for businesses and individuals to outsource their data to remote but highly accessible servers. However, the potential of cloud services has not been fully realized due to users concerns about data privacy and security. User‐side encryption techniques can be employed to mitigate the security concerns, but once the data is encrypted, no processing (eg, searching) can be performed on the outsourced data. Searchable Encryption (SE) techniques have been widely studied to enable searching on the data while they are encrypted. These techniques enable various types of search on the encrypted data and offer different levels of security. While these techniques enable different search types and vary in details, they share similarities in their components and architectures. In this paper, we provide a comprehensive survey on different secure search techniques, a high‐level architecture for these systems, and an analysis of their performance and security level.

Liang Hu,Tengfei Li,Yan Li,Jianfeng Chu,Hongtu Li,Hongying Han

DOI: https://doi.org/10.12720/jcm.10.10.766-772

2015-01-01

Abstract:In cloud computing, users usually outsource their private data to the cloud storage to save the local storage space and reduce the management costs. Cloud storage is a commonly used cloud computing service which enables users to remotely access data in a cloud anytime and anywhere, using any device, in a pay-as-you-go manner. To protect the confidentiality and privacy of the stored data on the remote untrusted cloud server, cryptographic methods have to be applied. Searchable Encryption (SE) is a recently developed cryptographic primitive that supports keyword search over encrypted data, which enables users to encrypt their sensitive data and store it to the remote server, while retaining the ability to search by keywords. The search process of SE is as follows: A user sends to the server a secret token, the token could be a transformation of the queried keywords; then the server searches the encrypted data according to the token and returns the matched documents. The main purpose of this paper is to research the SE based on keywords in cloud storage. Firstly, we introduce the research background and the current development of SE schemes. Then, we review and make comparison of some related SE schemes. Finally, some issues that need to solve are list.

Wang Yunling,Chen Xiaofeng

DOI: https://doi.org/10.11999/jeit190890

2020-01-01

Abstract:Cloud computing, as a new computing paradigm, offers dynamically scalable and seemly unbounded storage and computation resources in a pay-as-you-go manner. In order to enjoy superior data services and reduce the local maintenance cost, more and more resource-constrained users prefer to outsource their data to the cloud server. However, outsourcing data to the remote server suffers from data security concerns, because the server may try to learn the information of the outsourced data as much as possible for commercial purpose. The traditional encryption technique can protect the confidentiality of users’ data, however, it leads to the loss of search ability over the encrypted data. Fortunately, searchable encryption, as a promising solution, enables the server to perform keyword-based search over encrypted data. Recently, the design of searchable encryption scheme is becoming more and more diversified, aiming to improve the practicability of the scheme. This paper focuses on the current research for searchable encryption scheme in four aspects, including single keyword search, multi-modal search, forward/ backward secure search and verifiable search. This paper mainly introduces and analyzes the representative research results, summarizes the latest research progress and key technical difficulties, and finally prospects the future research direction.

Yinbin Miao,Jiajia Liu,Jianfeng Ma

DOI: https://doi.org/10.1007/978-3-319-21837-3_40

2015-01-01

Abstract:Cloud computing has increased rapidly due to its abundant benefits in terms of low cost and accessability of data. Privacy protection and data security are two issues in cloud computing, as users often outsource sensitive information to honest-but-curious cloud storage providers (CSP). While encryption seriously obsoletes the traditional information retrieval over plaintext. Therefore, searchable encryption (SE) technology which allows the users to securely search over cipher-text through keywords and selectively retrieve files of interest becomes important. Dealing with single CSP is predicted to become less popular with cloud customers for fear of risks of single-point failure threat and potential malicious insiders. To tackle above problems, two schemes based on Identity-Based Encryption (IBE) and Key-Policy Attribute-Based Encryption (KP-ABE) are proposed in multi-clouds environment, respectively. Through rigorous security and performance analysis, both schemes can ensure security and reliability, and greatly reduce computational burden.

Qingqing Gan,Cong Zuo,Jianfeng Wang,Shi-Feng Sun,Xiaoming Wang

DOI: https://doi.org/10.1007/978-3-030-36938-5_3

2019-01-01

Abstract:Searchable symmetric encryption (SSE) has been proposed that enables the clients to outsource their private encrypted data onto the cloud server and later the data can be searched with limited information leakage. However, existing surveys have not covered most recent advances on SSE technique. To fill the gap, we make a survey on state-of-the-art representative SSE schemes in cloud environment. We mainly focus on dynamic SSE schemes with forward and backward privacy, two vital security elements to maintain query privacy during data update operations. Specifically, we discuss about SSE protocols based on query expressiveness, including single keyword search, conjunctive keyword search, range search, disjunctive keyword search and verifiable search. Finally, through comparison on query expressiveness, security and efficiency, we demonstrate the strengths and weaknesses of the existing SSE protocols.

Dong Xiaolei,Zhou Jun,Cao Zhenfu

DOI: https://doi.org/10.7544/issn1000-1239.2017.20170627

2017-01-01

Journal of Computer Research and Development

Abstract:With the development of big data and cloud computing ,the issue of secure search via the technique of searchable encryption has increasingly been the focus of the researchers in cryptography and network security all over the world .In the light of the new theories ,new solutions and new techniques of searchable encryption , this paper presents a survey mainly from the following four aspects : the modes , the security , the expressiveness and the efficiency of secure searchable encryption .It discusses the new theories which are essential to secure search for ubiquitous network , including searchable encryption , attribute-based encryption , and applying these cryptographic mechanisms to obtain the generalized solutions to the theoretical problems of secure search in types of new emerging network services .Based on the aforementioned theoretical results ,this paper studies the new approaches to construct practical secure search for these network services ,comprising the light-weight public-key cryptographic algorithms , reducing the times of applying the light-weight public-key cryptographic algorithms in secure search , and exploiting any public-key cryptographic algorithm only once to obtain new approaches for secure search in the environment of resource-constrained network applications . We also focus on studying how to apply the new theories and approaches to solve the problems associated to secure search in different kinds of networks ,including body area network , wireless vehicular ad hoc network , smart grid and so on . It is traditionally required to apply inefficient public-key cryptographic algorithms a number of times to construct secure search protocols .How to manipulate the public-key cryptographic algorithms and make them suitable to be used in resource-constrained networks becomes the key issue . Light-weighting public-key cryptographic algorithms is certainly a convincing way to address it .On the other hand ,minimizing the number (once would be ideal) of applying the light-weighted public-key cryptographic algorithms guarantees more efficient and practical solutions and thus is the key problem to address the issue . Finally ,we suggest several interesting open research issues and the trend in the future .

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Jianting Ning,Jia Xu,Kaitai Liang,Fan Zhang,Ee-Chien Chang

DOI: https://doi.org/10.1109/tifs.2018.2866321

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) provides a privacy-preserving mechanism for data users to search over encrypted data stored on a remote server. Researchers have designed a number of SE schemes with high efficiency yet allowing some degree of leakage profile to the remote server. The leakage, however, should be further measured to allow us to understand what types of attacks an SE scheme would encounter. This paper considers passive attacks that make inferences based on prior knowledge and observations on queries issued by users. This is in contrast to previously studied active attacks that adaptively inject files and queries. We consider several assumptions on the types or prior knowledge the attacker possessed and propose a few passive attacks. In particular, under the "full-fledged" assumption, the keyword recovery rate of our attack is optimal in the sense that it is equal to the theoretical upper bound. We further present several enhanced attacks under other weaker assumptions on various levels of the prior knowledge that the attacker can obtain, in which the keyword recovery rates are optimal or nearly optimal (i.e., approaching the theoretical upper bound). In addition, we provide extensive experiments to show the "power" of our passive attacks. This paper highlights the importance of minimizing the prior knowledge of a server and the leakage of search queries. It also shows that simply distorting the frequency of the keyword to hold against our passive attacks may not scale well.

XU Peng,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00101

2016-01-01

Abstract:Searchable encryption has been recognized as a promising method to achieve the secure cloud search.According to the types of encryption keys,searchable encryption can be divided into searchable public-key and symmetric-key encryptions.The existing and well-known schemes of those two kinds of encryptions,their limitations,and the corresponding solutions were introduced.Specifically,two works under the condition of high security were introduced:one was to reduce the search complexity of searchable public-key encryption; the other one was to achieve the physical deletion of searchable symmetric-key ciphertexts.

Chen Guo,Xingbing Fu,Yaojun Mao,Guohua Wu,Fagen Li,Ting Wu

DOI: https://doi.org/10.3390/info9100242

2018-01-01

Information

Abstract:With the advent of cloud computing, more and more users begin to outsource encrypted files to cloud servers to provide convenient access and obtain security guarantees. Searchable encryption (SE) allows a user to search the encrypted files without leaking information related to the contents of the files. Searchable symmetric encryption (SSE) is an important branch of SE. Most of the existing SSE schemes considered single-user settings, which cannot meet the requirements for data sharing. In this work, we propose a multi-user searchable symmetric encryption scheme with dynamic updates. This scheme is applicable to the usage scenario where one data owner encrypts sensitive files and shares them among multiple users, and it allows secure and efficient searches/updates. We use key distribution and re-encryption to achieve multi-user access while avoiding a series of issues caused by key sharing. Our scheme is constructed based on the index structure where a bit matrix is combined with two static hash tables, pseudorandom functions and hash functions. Our scheme is proven secure in the random oracle model.

Qiyang Song,Zhuotao Liu,Jiahao Cao,Kun Sun,Qi Li,Cong Wang

DOI: https://doi.org/10.1109/tifs.2020.3042058

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to search over encrypted documents in untrusted clouds without leaking the search keywords to the clouds. Existing SSE schemes achieve high search efficiency at the expense of leaking access patterns and search patterns, where clouds can recover a large percentage of queried keywords using the leaked access patterns and search patterns. To prevent clouds from recovering users' keywords, researchers have proposed a number of solutions to protect either search patterns or access patterns. However, none of them can protect both access patterns and search patterns. Moreover, existing SSE schemes cannot work in the generic database setting that allows multiple users to write or read over encrypted documents. In this paper, we propose an efficient searchable symmetric encryption scheme, called SAP-SSE, which protects both access patterns and search patterns in the generic database setting. The main idea of protecting search patterns is to leverage re-encryption cryptosystems to shuffle index entries over multiple clouds. To protect access patterns, we distribute secure indexes to multiple clouds and then propose an index redistribution protocol that allows users to renew index entries in clouds. Furthermore, SAP-SSE provides a configurable security policy to balance security and efficiency. Formal security analysis and experimental evaluation show that SAP-SSE can prevent pattern leakage with low overhead.

computer science, theory & methods,engineering, electrical & electronic

Fateh Boucenna

DOI: https://doi.org/10.48550/arXiv.2002.10294

2020-02-24

Cryptography and Security

Abstract:Companies and individuals demand more and more storage space and computing power. For this purpose, several new technologies have been designed and implemented, such as the cloud computing. This technology provides its users with storage space and computing power according to their needs in a flexible and personalized way. However, the outsourced data such as emails, electronic health records, and company reports are sensitive and confidential. Therefore, It is primordial to protect the outsourced data against possible external attacks and the cloud server itself. That is why it is highly recommended to encrypt the sensitive data before being outsourced to a remote server. To perform searches over outsourced data, it is no longer possible to exploit traditional search engines given that these data are encrypted. Consequently, lots of searchable encryption (SE) schemes have been proposed in the literature. Three major research axes of searchable encryption area have been studied in the literature. The first axis consists in ensuring the security of the search approach. Indeed, the search process should be performed without decryption any data and without causing any sensitive information leakage. The second axis consists in studying the search performance. In fact, the encrypted indexes are less efficient than the plaintext indexes, which makes the searchable encryption schemes very slow in practice. More the approach is secure, less it is efficient, thus, the challenge consists in finding the best compromise between security and performance. Finally, the third research axis consists in the quality of the returned results in terms of relevance and recall. The problem is that the encryption of the index causes the degradation of the recall and the precision. Therefore, the goal is to propose a technique that is able to obtain almost the same result obtained in the traditional search.

Yunbo Yang,Yiwei Hu,Xiaolei Dong,Jiachen Shen,Zhenfu Cao,Guomin Yang,Robert H. Deng

DOI: https://doi.org/10.1109/jiot.2023.3337336

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) has greatly changed our lives and generated a large amount of data. Cloud storage helps IoT limited-resource IOT devices process the massive data. However, cloud servers are untrusted in most scenarios as they may illegally obtain sensitive data. Although existing symmetric searchable encryption (SSE) schemes can protect the privacy of outsourced data while preserve data availability, Most of them leak access and search patterns to the cloud server to gain better performance. Such leakages will be used to recover private information. Meanwhile, semi-honestly secure searchable encryption cannot prevent attacks done by the malicious server such as returning the false search result. Therefore, it is still a challenge to prevent malicious cloud server misbehavior, and preserve patterns, simultaneously. This paper proposes OpenSE to solve the aforementioned problems. First, this paper constructs FastOPE as a major building block. With the OPE protocol, the verifiable searchable encryption OpenSE can be trivially realized. After that, security proofs show that OpenSE is secure against malicious cloud servers with access and search pattern hidden. Finally, we implement experiments on real datasets to compare OpenSE with some state-of-the-art works in terms of running time of setup phase and search phase as well as storage overhead. The experimental results show that OpenSE outperforms the state-of-the-art works in terms of setup phase and storage overhead. In addition, the theoretic comparison shows that OpenSE outperforms most existing works in terms of security, in which OpenSE enjoys both verifiability and pattern hidden.

Ming Li,Shucheng Yu,Kui Ren,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/mnet.2013.6574666

IF: 10.294

2013-01-01

IEEE Network

Abstract:Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users' queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.

Brian Kishiyama,Izzat Alsmadi

DOI: https://doi.org/10.11648/j.ijsts.20241202.11

2024-03-20

International Journal of Science, Technology and Society

Abstract:Cloud Service Providers, exemplified by industry leaders like Google Cloud Platform, Microsoft Azure, and Amazon Web Services, deliver a dynamic array of cloud services in an ever-evolving landscape. This sector is witnessing substantial growth, with enterprises such as Netflix and PayPal heavily relying on cloud infrastructure for various needs such as data storage, computational resources, and various other services. The adoption of cloud solutions by businesses not only facilitates cost reduction but also fosters flexibility and supports scalability. Despite the undeniable advantages, concerns surrounding security and privacy persist in the realm of Cloud Computing. Given that Cloud services are accessible via the internet, there is a potential vulnerability to unauthorized access by hackers or malicious entities from anywhere in the world. A crucial aspect of addressing this challenge is the implementation of robust security measures, particularly focusing on data protection. To safeguard data in the Cloud, a fundamental recommendation is the encryption of data prior to uploading. Encryption should be maintained consistently, both during storage and in transit. While encryption enhances security, it introduces a potential challenge for data owners who may need to perform various operations on their encrypted data, such as accessing, modifying, updating, deleting, reading, searching, or sharing them with others. One viable solution to balance the need for data security and operational functionality is the adoption of Searchable Encryption (SE). SE operates on encrypted data, allowing authorized users to perform certain operations without compromising the security of sensitive information. The effectiveness of SE has notably advanced since its inception, and ongoing research endeavors aim to further enhance its capabilities. This paper provides a comprehensive review of the functionality of Searchable Encryption, with a primary focus on its applications in Cloud services during the period spanning 2019 to 2023. Additionally, the study evaluates one of its prominent schemes, namely Fully Homomorphic Encryption (FHE). The analysis indicates an overall positive trajectory in SE research, showcasing increased efficiency as multiple functionalities are aggregated and rigorously tested.

Jie Zhu,Qi Li,Cong Wang,Xingliang Yuan,Qian Wang,Kui Ren

DOI: https://doi.org/10.1109/tpds.2018.2808283

IF: 5.3

2018-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Searchable Symmetric Encryption (SSE) has been widely studied in cloud storage, which allows cloud services to directly search over encrypted data. Most SSE schemes only work with honest-but-curious cloud services that do not deviate from the prescribed protocols. However, this assumption does not always hold in practice due to the untrusted nature in storage outsourcing. To alleviate the issue, there have been studies on Verifiable Searchable Symmetric Encryption (VSSE), which functions against malicious cloud services by enabling results verification. But to our best knowledge, existing VSSE schemes exhibit very limited applicability, such as only supporting static database, demanding specific SSE constructions, or only working in the single-user model. In this paper, we propose GSSE, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE schemes and further supports data updates. To generically support result verification, we first decouple the proof index in GSSE from SSE. We then leverage Merkle Patricia Tree (MPT) and Incremental Hash to build the proof index with data update support. We also develop a timestamp-chain for data freshness maintenance across multiple users. Rigorous analysis and experimental evaluations show that GSSE is secure and introduces small overhead for result verification.

Guofeng Wang,Chuanyi Liu,Yingfei Dong,Peiyi Han,Hezhong Pan,Binxing Fang

DOI: https://doi.org/10.1109/access.2017.2786026

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable Encryption (SE) has been extensively examined by both academic and industry researchers. While many academic SE schemes show provable security, they usually expose some query information (e.g., search and access patterns) to achieve high efficiency. However, several inference attacks have exploited such leakage, e.g., a query recovery attack can convert opaque query trapdoors to their corresponding keywords based on some prior knowledge. On the other hand, many proposed SE schemes require significant modification of existing applications, which makes them less practical, weak in usability, and difficult to deploy. In this paper, we introduce a secure and practical searchable symmetric encryption scheme with provable security strength for cloud applications, called IDCrypt, which improves the search efficiency, and enhances the security strength of SE using symmetric cryptography. We further point out the main challenges in securely searching on multiple indexes and sharing encrypted data between multiple users. To address the above issues, we propose a token-adjustment search scheme to preserve the search functionality among multi-indexes, and a key sharing scheme which combines identity-based encryption and public-key encryption. Our experimental results show that the overhead of the key sharing scheme is fairly low.

Jing Yao,Yifeng Zheng,Cong Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/access.2018.2810297

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable symmetric encryption (SSE) is a widely popular cryptographic technique that supports the search functionality over encrypted data on the cloud. Despite the usefulness, however, most of existing SSE schemes leak the search pattern, from which an adversary is able to tell whether two queries are for the same keyword. In recent years, it has been shown that the search pattern leakage can be exploited to launch attacks to compromise the confidentiality of the client's queried keywords. In this paper, we present a new SSE scheme which enables the client to search encrypted cloud data without disclosing the search pattern. Our scheme uniquely bridges together the advanced cryptographic techniques of chameleon hashing and indistinguishability obfuscation. In our scheme, the secure search tokens for plaintext keywords are generated in a randomized manner, so it is infeasible to tell whether the underlying plaintext keywords are the same given two secure search tokens. In this way, our scheme well avoids using deterministic secure search tokens, which is the root cause of the search pattern leakage. We provide rigorous security proofs to justify the security strengths of our scheme. In addition, we also conduct extensive experiments to demonstrate the performance. Although our scheme for the time being is not immediately applicable due to the current inefficiency of indistinguishability obfuscation, we are aware that research endeavors on making indistinguishability obfuscation practical is actively ongoing and the practical efficiency improvement of indistinguishability obfuscation will directly lead to the applicability of our scheme. Our paper is a new attempt that pushes forward the research on SSE with concealed search pattern.